From feeaa721024561f9fa759a3c0999c58253a73d4b Mon Sep 17 00:00:00 2001
From: Ivan <ivan@quad4.io>
Date: Fri, 31 Oct 2025 07:39:34 -0500
Subject: [PATCH] Update GitHub Actions workflows

- Pin to full -length commit hash
- Add master alongside main
---
 .github/workflows/benchmark-gc.yml        |  8 +++-----
 .github/workflows/build.yml               | 14 +++++++-------
 .github/workflows/go-test.yml             |  8 +++++---
 .github/workflows/gosec.yml               |  7 ++++++-
 .github/workflows/performance-monitor.yml |  8 ++++----
 .github/workflows/revive.yml              |  8 ++++----
 .github/workflows/tinygo.yml              | 12 +++++-------
 7 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/benchmark-gc.yml b/.github/workflows/benchmark-gc.yml
index b1678b3..ea967cf 100644
--- a/.github/workflows/benchmark-gc.yml
+++ b/.github/workflows/benchmark-gc.yml
@@ -1,5 +1,3 @@
-# TODO: Add full length action hashes for all actions
-
 name: Benchmark GC Performance
 
 on:
@@ -18,15 +16,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version: '1.25'
 
     - name: Cache Go modules
-      uses: actions/cache@v3
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
       with:
         path: |
           ~/.cache/go-build
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d36e2d3..462b8b2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,11 +2,11 @@ name: Go Build Multi-Platform
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "master" ]
     tags:
       - 'v*'
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "master" ]
 
 jobs:
   build:
@@ -27,10 +27,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version: '1.25'
 
@@ -58,7 +58,7 @@ jobs:
         echo "Calculated SHA256 for ${output_name}"
 
     - name: Upload Artifact
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
         name: reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }}
         path: reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }}*
@@ -74,7 +74,7 @@ jobs:
 
     steps:
       - name: Download All Build Artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           path: ./release-assets
 
@@ -82,6 +82,6 @@ jobs:
         run: ls -R ./release-assets
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           files: ./release-assets/*/*
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
index 93689bc..3650a88 100644
--- a/.github/workflows/go-test.yml
+++ b/.github/workflows/go-test.yml
@@ -4,9 +4,11 @@ on:
   push:
     branches:
       - main
+      - master
   pull_request:
     branches:
       - main
+      - master
 
 permissions:
   contents: read
@@ -34,15 +36,15 @@ jobs:
 
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Go 1.25
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: '1.25'
 
       - name: Cache Go modules
-        uses: actions/cache@v3
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: |
             ~/go/pkg/mod
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
index b887cf2..c1746ee 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -1,13 +1,18 @@
 name: Run Gosec
+
 on:
   push:
     branches:
       - main
+      - master
   pull_request:
     branches:
       - main
+      - master
+
 permissions:
   contents: read
+
 jobs:
   tests:
     runs-on: ubuntu-latest
@@ -15,7 +20,7 @@ jobs:
       GO111MODULE: on
     steps:
       - name: Checkout Source
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Run Gosec Security Scanner
         uses: securego/gosec@master
         with:
diff --git a/.github/workflows/performance-monitor.yml b/.github/workflows/performance-monitor.yml
index f4691dd..1030213 100644
--- a/.github/workflows/performance-monitor.yml
+++ b/.github/workflows/performance-monitor.yml
@@ -2,9 +2,9 @@ name: Performance Monitor
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, master ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, master ]
   workflow_dispatch:
 
 jobs:
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version: '1.25'
 
diff --git a/.github/workflows/revive.yml b/.github/workflows/revive.yml
index 323376d..f08aaee 100644
--- a/.github/workflows/revive.yml
+++ b/.github/workflows/revive.yml
@@ -2,9 +2,9 @@ name: Go Revive Lint
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "master" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "master" ]
 
 jobs:
   lint:
@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version: '1.25'
 
diff --git a/.github/workflows/tinygo.yml b/.github/workflows/tinygo.yml
index 60897a1..3fe0c87 100644
--- a/.github/workflows/tinygo.yml
+++ b/.github/workflows/tinygo.yml
@@ -2,11 +2,9 @@ name: TinyGo Build
 
 on:
   push:
-    branches: [ "main", "master" ]
-    tags:
-      - 'v*'
+    branches: [ "tinygo" ]
   pull_request:
-    branches: [ "main", "master" ]
+    branches: [ "tinygo" ]
 
 jobs:
   tinygo-build:
@@ -32,10 +30,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     - name: Set up Go
-      uses: actions/setup-go@v6
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00
       with:
         go-version: '1.24'
 
@@ -60,7 +58,7 @@ jobs:
         fi
 
     - name: Upload Artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
         name: ${{ matrix.name }}
         path: bin/${{ matrix.output }}*